GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,948
Erlang
29
GitHub Actions
16
Go
1,739
Maven
4,967
npm
3,504
NuGet
607
pip
3,064
Pub
10
RubyGems
832
Rust
779
Swift
34
Unreviewed advisories
All unreviewed
5,000+
460 advisories
Filter by severity
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Critical
CVE-2024-34716
was published
for
prestashop/prestashop
(Composer)
May 14, 2024
Cockpit CMS contains an arbitrary file upload vulenrability
Critical
CVE-2024-4825
was published
for
cockpit-hq/cockpit
(Composer)
May 14, 2024
Blind XSS Leading to Froxlor Application Compromise
Critical
CVE-2024-34070
was published
for
froxlor/froxlor
(Composer)
May 10, 2024
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
Zend Framework SQL injection vulnerability
Critical
CVE-2014-8089
was published
for
zendframework/zend-db
(Composer)
Apr 23, 2024
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7602
was published
for
drupal/core
(Composer)
Apr 23, 2024
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Critical
CVE-2021-27312
was published
for
gleez/cms
(Composer)
Apr 3, 2024
Remote Code Execution by uploading a phar file using frontmatter
Critical
CVE-2024-27923
was published
for
getgrav/grav
(Composer)
Mar 6, 2024
Shopware's session is persistent in Cache for 404 pages
Critical
CVE-2024-27917
was published
for
shopware/platform
(Composer)
Mar 6, 2024
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Critical
GHSA-97m3-52wr-xvv2
was published
for
phenx/php-svg-lib
(Composer)
Feb 22, 2024
Deserialization of Untrusted Data in Torrentpier
Critical
CVE-2024-1651
was published
for
torrentpier/torrentpier
(Composer)
Feb 20, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Critical
CVE-2024-25108
was published
for
pixelfed/pixelfed
(Composer)
Feb 12, 2024
Blind SQL injection in shopware
Critical
CVE-2024-22406
was published
for
shopware/core
(Composer)
Jan 17, 2024
Drupal Improper Access Control
Critical
CVE-2019-6342
was published
for
drupal/core
(Composer)
Jan 11, 2024
WWBN AVideo Insufficient Entropy vulnerbaility
Critical
CVE-2023-49599
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
plotly.js prototype pollution vulnerability
Critical
CVE-2023-46308
was published
for
plotly.js
(Composer)
Jan 3, 2024
PHPMemcachedAdmin Path Traversal vulnerability
Critical
CVE-2023-6026
was published
for
elijaa/phpmemcacheadmin
(Composer)
Nov 30, 2023
October CMS safe mode bypass using Twig sandbox escape
Critical
CVE-2023-44382
was published
for
october/system
(Composer)
Nov 29, 2023
Froxlor Improper Input Validation vulnerability
Critical
CVE-2023-6069
was published
for
froxlor/froxlor
(Composer)
Nov 10, 2023
Json response for search reveals Solr credentials
Critical
GHSA-7crc-r3wg-cfgf
was published
for
ezsystems/ezplatform-solr-search-engine
(Composer)
Nov 3, 2023
Json response for search reveals Solr credentials
Critical
GHSA-v6xp-ccvx-w52m
was published
for
ibexa/solr
(Composer)
Nov 3, 2023
Cachet vulnerable to Authenticated Remote Code Execution
Critical
CVE-2023-43661
was published
for
cachethq/cachet
(Composer)
Oct 16, 2023
phpMyFAQ Cross-site Scripting vulnerability
Critical
CVE-2023-5320
was published
for
thorsten/phpmyfaq
(Composer)
Sep 30, 2023
phpMyFAQ Cross-site Scripting vulnerability
Critical
CVE-2023-5316
was published
for
thorsten/phpmyfaq
(Composer)
Sep 30, 2023
Cache poisoning in drupal/core
Critical
CVE-2023-5256
was published
for
drupal/core
(Composer)
Sep 28, 2023
ProTip!
Advisories are also available from the
GraphQL API